TTCSIRT-208.051519: TT-CSIRT Advisory – Adobe Security Updates

TTCSIRT-208.051519: TT-CSIRT Advisory – Adobe Security Updates

Adobe has released a security update stating that it has discovered the following issues in the latest versions of Adobe Acrobat and Reader:

a) Multiple Out-of-Bounds Read vulnerabilities that could allow for Information Disclosure – (CVE-2019-7841, CVE-2019-7836).

b) Multiple Use After Free vulnerabilities that could allow for Arbitrary Code Execution – (CVE-2019-7835, CVE-2019-7834).

c) A Double Free vulnerability that could allow for Arbitrary Code Execution – (CVE-2019-7784).

Successful exploitation of the most severe of these vulnerabilities could result in the attacker gaining control of the affected system and depending on the privileges associated with the user, an attacker could then install programs; view, change or delete data; or even create new accounts with full user rights.

Further information on these vulnerabilities and how they can be mitigated can be found on the Adobe website at https://helpx.adobe.com/security/products/acrobat/apsb19-18.html#VulnerabilityDetails